[Mod-security-developers] ModSecurity version 3.0.3 announcement
From: Felipe C. <FC...@tr...> - 2018-11-05 21:12:20

It is a pleasure to announce the release of ModSecurity version 3.0.3 (libModSecurity).

This version contains a number of improvements in different areas. These include clean ups, better practices for improved code readability, resilience and overall performance.

In addition to these improvements, support for a few missing features such as SecRuleUpdateTargetById, SecRuleUpdateActionById, full support for ctl:requestBodyProcessor and other versions of Lua (including LuaJIT), as well as fixes on other actions and transformations, were also added since 3.0.2 was released.

The API now supports the ability to have the unique id informed on transactions, making it possible to match an id that is already in use by the consuming application (the connector).

Special thanks to @tinselcity who pointed us to an uneducated memory usage that could lead to a security issue.

The list with the full changes can be found in the project CHANGES file, available here:

- https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.3/CHANGES

The list of open issues is available on GitHub:

- https://github.com/SpiderLabs/ModSecurity/labels/3.x

As with every new release, a milestone was created to host all the issues that will be fixed till we reach the given milestone. With that, we not only give the community the full transparency of the work that is being done on ModSec, but also even more chances to participate.

Milestones give the chance to anyone from the community to deduce when and what will be released. For instance the 3.0.4 milestone is in progress even before 3.0.3 milestone is closed. Some of the active milestones from the ModSecurity project follow:

- milestone v3.0.3: https://github.com/SpiderLabs/ModSecurity/milestone/12
- milestone v3.0.4: https://github.com/SpiderLabs/ModSecurity/milestone/13

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on.

Further details on the compilation process for ModSecurity v3 can be found on the project README:

- https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation

Complementary documentation for the connectors is available here:

- nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation
- Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation

IMPORTANT: ModSecurity version 2 will be available and maintained parallel to version 3. There is no ETA to deprecate the version 2.x. New features and major improvements will be implemented on version 3.x. Security or major bugs are planned to be back ported. Version 2 and version 3 have completely independent development/release cycles.

Br.,
Felipe "Zimmerle" Costa
Security Researcher, Lead Developer ModSecurity

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

Recognized by industry analysts as a leader in managed security services.